dhis2-users team mailing list archive
-
dhis2-users team
-
Mailing list archive
-
Message #13951
Re: OAuth & Single-Sign-on / CAS with DHIS2
Thanks! Will look into those URLs.
Kind regards,
Jason Phillips
HISP SA Infrastructure
(Sent from my mobile, so please excuse any typos)
On 7 Aug 2017 15:52, "Edward Robinson" <erobinson@xxxxxxxxxxxxxxxxxx> wrote:
> Just adding my 5c – OpenID has been superseded by OpenID connect
> <https://openid.net/connect/faq/>
>
> These may be interesting reading too:
>
> http://lightstep.com/blog/everything-I-wish-I-knew-about-enterprise-sso/
>
> https://developers.google.com/identity/protocols/OpenIDConnect
>
>
>
>
>
> Cheers
>
> Ed
>
>
>
> *From:* Dhis2-users [mailto:dhis2-users-bounces+erobinson=
> projectbalance.com@xxxxxxxxxxxxxxxxxxx] *On Behalf Of *Jason Phillips
> *Sent:* Monday, 07 August 2017 11:57 AM
> *To:* Morten Olav Hansen <morten@xxxxxxxxx>
> *Cc:* DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>
> *Subject:* Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2
>
>
>
> Hi Morten,
>
>
>
> Thanks for your reply.
>
>
>
> We did consider LDAP – and it’s certainly still on the table – but were
> definitely, based on your response, heading in the wrong direction; I have
> been investigating a number of OpenID server entities instead, so I am
> grateful for your advice.
>
> We’ll experiment with LDAP instead, and see where we wind up! One day
> soon, we hope to begin documenting and sharing with the community all our
> “solutions”, so will eventually revert with our end-game…
>
>
>
> Kind Regards,
>
> *Jason Phillips*
>
> [image: hisp]
> *Information Systems / Infrastructure*
>
> * Health Information Systems Program ____________________________________*
>
> This message and any attachments are subject to a disclaimer published at
> http://www.hisp.org/policies.html#comms_disclaimer. Please read the
> disclaimer before opening any attachment or taking any other action in
> terms of this electronic transmission. If you cannot access the
> disclaimer, kindly send an email to disclaimer@xxxxxxxx and a copy will
> be provided to you. By replying to this e-mail or opening any attachment
> you agree to be bound by the provisions of the disclaimer.
>
>
>
>
>
> *From:* Morten Olav Hansen [mailto:morten@xxxxxxxxx]
> *Sent:* Sunday, 06 August 2017 7:49 PM
> *To:* Jason Phillips <jason@xxxxxxxx>
> *Cc:* DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>
> *Subject:* Re: [Dhis2-users] OAuth & Single-Sign-on / CAS with DHIS2
>
>
>
> Hi Jason
>
>
>
> Have you considered using LDAP? we have had support for that a few
> releases. OpenID is basically deprecated, and I suggest not going that
> route. OAuth2 does not itself contain any authentication protocols (we are
> using basic or form based to get the bearer token).
>
>
>
> We have a issue for adding OpenID connect support (OpenID 2 + OAuth2) but
> that's not something that is coming soon.
>
>
> --
>
> Morten Olav Hansen
>
> Senior Engineer, DHIS 2
>
> University of Oslo
>
> http://www.dhis2.org
>
>
>
> On Fri, Aug 4, 2017 at 10:38 AM, Jason Phillips <jason@xxxxxxxx> wrote:
>
> Greetings, community!
>
>
>
> HISP SA is looking at ways to implement a single-sign-on solution within
> our hosted DHIS2 instances, potentially using OAuth and a self-hosted
> central OpenID/OpenAuth server entity (or even a dhis2 instance?) for
> authentication.
>
> Has anyone got any experience with implementing such a solution, and/or
> any advice about what the best practice could/would be to do so?
> The aim would be to try and get all dhis2 instances to share a single
> user’s password across the board, and ideally be able to revoke, manage and
> control access to all instances in a single location.
>
>
>
> Any advice, comments, suggestions or guidance would be most welcome.
>
>
>
> Kind Regards,
>
> *Jason Phillips*
>
> [image: hisp]
> *Information Systems / Infrastructure*
>
> * Health Information Systems Program ____________________________________*
>
> eMail: jason@xxxxxxxx
> Tel/Fax: +27 21 712 0170 <+27%2021%20712%200170>
> Cell: +27 72 973 7250 <+27%2072%20973%207250>
> Skype: jason.n.phillips
>
> This message and any attachments are subject to a disclaimer published at
> http://www.hisp.org/policies.html#comms_disclaimer. Please read the
> disclaimer before opening any attachment or taking any other action in
> terms of this electronic transmission. If you cannot access the
> disclaimer, kindly send an email to disclaimer@xxxxxxxx and a copy will
> be provided to you. By replying to this e-mail or opening any attachment
> you agree to be bound by the provisions of the disclaimer.
>
>
>
> [image: cid:image002.jpg@01D2F4CE.CFC9B9B0]
>
> See the conference website <https://www.ehealthalive.org/> for more
> information!
>
>
>
>
>
>
>
> *This message and any attachments are subject to a disclaimer published at
> http://www.hisp.org/policies.html#comms_disclaimer
> <http://www.hisp.org/policies.html#comms_disclaimer>. Please read the
> disclaimer before opening any attachment or taking any other action in
> terms of this electronic transmission. If you cannot access the
> disclaimer, kindly send an email to disclaimer@xxxxxxxx
> <disclaimer@xxxxxxxx> and a copy will be provided to you. By replying to
> this e-mail or opening any attachment you agree to be bound by the
> provisions of the disclaimer.*
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help : https://help.launchpad.net/ListHelp
>
>
>
>
>
> *This message and any attachments are subject to a disclaimer published at
> http://www.hisp.org/policies.html#comms_disclaimer
> <http://www.hisp.org/policies.html#comms_disclaimer>. Please read the
> disclaimer before opening any attachment or taking any other action in
> terms of this electronic transmission. If you cannot access the
> disclaimer, kindly send an email to disclaimer@xxxxxxxx
> <disclaimer@xxxxxxxx> and a copy will be provided to you. By replying to
> this e-mail or opening any attachment you agree to be bound by the
> provisions of the disclaimer.*
>
--
*This message and any attachments are subject to a disclaimer published at
http://www.hisp.org/policies.html#comms_disclaimer
<http://www.hisp.org/policies.html#comms_disclaimer>. Please read the
disclaimer before opening any attachment or taking any other action in
terms of this electronic transmission. If you cannot access the
disclaimer, kindly send an email to disclaimer@xxxxxxxx
<disclaimer@xxxxxxxx> and a copy will be provided to you. By replying to
this e-mail or opening any attachment you agree to be bound by the
provisions of the disclaimer.*
References